AI vs. Supply Chain Security: Learn how to defend your code. Save your seat.

AsyncAPI npm organization compromised, 2M weekly downloads affected

A Shai-Hulud Miasma evolution supply chain attack targets AsyncAPI packages, injecting a multi-staged dropper into developer tools downloaded millions of times weekly

Breaking News: Multiple AsyncAPI npm packages compromised with a multi-staged dropper.
More details to follow.

Affected Packages

Package nameAffected versions
@asyncapi/generator3.3.1
@asyncapi/generator-components0.7.1
@asyncapi/generator-helpers1.1.1
@asyncapi/specs@6.11.2, 6.11.2-alpha.1

Overview

This is a highly sophisticated, multi-stage supply chain attack. The malware functions as a hybrid info-stealer, crypto-stealer, and Remote Access Trojan (RAT). It actively attempts to confuse analysts by mimicking known campaigns (like Miasma) and targets developers and repository maintainers.

The malware has an Ethereum address embedded in it, but no transaction was detected relating to this address.

Impact

  • The affected packages have over 2M weekly downloads.

Recommended Actions

Immediate Actions:

  1. Revoke and Rotate Tokens: Immediately revoke all developer tokens associated with npm, PyPI, and Cargo on any suspected machine.
  2. Monitor Peer-to-Peer Traffic: Flag or restrict traffic to standard BitTorrent bootstrap nodes (router.bittorrent.com, router.utorrent.com, dht.transmissionbt.com) and IPFS gateways (ipfs.io) on developer networks.
  3. Review Code Repositories: Audit recent commits and package releases on your organization’s public/private registries for unauthorized code injections (especially looking for embedded payloads in main JS files, bypassing post-install restrictions).

Technical Analysis

image

The malware is a highly sophisticated crypto-stealer, info-stealer, and full-blown RAT with a multi-stage dropper. It targets everything on the local machine, self-duplicates, and has many, many lines of code. How many?

91,973.

image

Since it does a huge number of things, we’re reviewing only the most interesting parts:

  • Using legitimate infrastructure for storing data
  • Using legitimate infrastructure as backup C2
  • Using Torrent-based beaconing
  • Self-duplication across npm, PyPI & Cargo
  • Locale check for Russia, and termination if on a Russian machine
  • Crypto wallet stealing, Cloud Configuration stealing & RAT behavior

The malware uses ipfs.io – a legitimate peer-to-peer network to store and share data – in order to store its malicious payload. Later on – it uses it as a fallback server in case the C2 server is not functional.

image

The malware also uses a wide array of backup communication nodes and beacons to keep communication alive even after the C2 fails, and to bypass network-based blocks.

This includes torrent URLs such as:

  • router.bittorrent.com
  • router.utorrent.com
  • dht.transmissionbt.com
image

If the malware finds a working token for npm, PyPI, or Cargo, it tries to self-duplicate on the victim’s registry packages.

image

The malware contains multiple checks. If it runs inside a virtual machine, if there’s an EDR present, or if the current machine’s language is Russian. If so, it terminates itself to avoid detection or infection of unwanted machines.

image

 The malware has the classic info-stealer/crypto-stealer logic, as we’ve seen in numerous other malicious campaigns.

image
image

The malware uses 85[.]137[.]53[.]71 as a remote C2 server.

The malware also embeds an Ethereum contract address – 0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710 – although we didn’t manage to analyze exactly how it’s being used inside the code.

image

Although the malware has some similarities to the Shai-Hulud and Miasma campaigns, and it contains the Miasma string multiple times inside its code, this malware isn’t the same as them, nor is it attributed to the Miasma/Shai-Hulud/TeamPCP campaigns that we’ve seen in the past.

image

Conclusion

This supply chain attack hits in the middle of 2026, showing us that supply chain attacks are only getting worse, more complicated, and even managing to fight researchers psychologically. Attackers are aware of it being researched, and are using the Miasma name to mislead security engineers and hide the malware’s true attribution.

It also elevates the use of legitimate infrastructure as part of its hiding process, bypassing detection for sandboxed environments and EDRs, and tries not to self-infect its Russian creators, which we can deduce from the Russian language locale check.

npm’s v12 is out, blocking post-install scripts, but threat actors didn’t need to use them as they just embedded the malicious code inside the main JavaScript file without being blocked. This amplifies the message we extensively discussed in npm Is Fighting the Right War With the Wrong Weapons – and we don’t see this trend changing anytime soon.

IOCs

  • 0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710
  • 85[.]137[.]53[.]71

Tags:

post banner image

Security That Moves at the Speed AI Builds

See what your AI agents decide and whether it’s safe before it runs. Connect a repo in minutes.

Get Your Software Secured
Frame 2085668530

Subscribe to Our Newsletter

Stay updated with the latest SaaS insights, tips, and news delivered straight to your inbox.

Group 1261154229